Severity
Medium
Analysis Summary
CVE-2023-32375 CVSS:5.5
Apple macOS Ventura and macOS Monterey could allow a remote attacker to obtain sensitive information, caused by a flaw in the Model I/O component. By persuading a victim to process a specially crafted 3D model, an attacker could exploit this vulnerability to obtain sensitive information from process memory, and use this information to launch further attacks against the affected system.
CVE-2023-27929 CVSS:5.5
Apple macOS Ventura could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in ImageIO. By persuading a victim to open a specially crafted image file, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2022-42798 CVSS:5.5
Apple macOS, iOS, iPadOS, watchOS and tvOS could allow a remote attacker to obtain sensitive information, caused by improper memory handling in the Audio component. By persuading a victim to open a specially-crafted audio file, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2022-32797 CVSS:7.7
Apple macOS Catalina and Monterey is vulnerable to a denial of service, caused by improper checks in AppleScript component. By using a specially-crafted AppleScript binary, a local attacker could exploit this vulnerability to cause unexpected termination or disclosure of process memory.
Impact
- Information Disclosure
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2023-32375
- CVE-2023-27929
- CVE-2022-42798
- CVE-2022-32797
Affected Vendors
Apple
Affected Products
- Apple macOS Ventura 13.3
- Apple macOS Ventura 13.2
- Apple macOS Monterey 12.6.5
- Apple iOS 15.7
- Apple iOS 16
- Apple iPadOS 15.7
- Apple macOS Big Sur 11.7
- Apple macOS Monterey 12.6
- Apple tvOS 16.0
- Apple watchOS 9.0
- Apple macOS Catalina
- Apple macOS Monterey 12.4
Remediation
Refer to Apple Security Advisory for patch, upgrade or suggested workaround information.